<?php
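if (!defined('IN_D_ADMIN')) die("Error 404");
$edit_url = 'index.php?act=user&mode=edit';
// Record ids arrive on the query string and are interpolated into SQL further
// down (WHERE u_id = ...), so only a positive integer is accepted here;
// is_numeric() would also let forms such as "1e3", "1.5" or " 1" through.
// A missing or invalid id stays '' so the truthiness checks in the mode
// handlers below behave as before.
$us_id = filter_var(isset($_GET['us_id']) ? $_GET['us_id'] : '', FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
if ($us_id === false) $us_id = '';
$us_del_id = filter_var(isset($_GET['us_del_id']) ? $_GET['us_del_id'] : '', FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
if ($us_del_id === false) $us_del_id = '';
// Field definitions shared by the add and edit forms. 'table' is the column the
// value is stored in, 'name' the label, 'type' the widget (the function:: entries
// presumably delegate rendering/validation to the named callback - confirm in
// $form). 'hidden_value' fields are filled here and never shown to the user.
$inp_arr = array(
		'name'		=> array(
			'table'	=>	'u_name',
			'name'	=>	$lang_acp['username'],
			'type'	=>	'free',
		),
		'email'	=> array(
			'table'	=>	'u_email',
			'name'	=>	$lang_acp['email'],
			'type'	=>	'free',
		),
		// Left blank on the edit form and only written when something was typed
		// ('update_if_true' is evaluated by the form helper outside this file).
		'password'	=> array(
			'table'	=>	'u_password',
			'name'	=>	$lang_acp['password'],
			'type'	=>	'password',
			'always_empty'	=>	true,
			'update_if_true'	=>	'trim($password) != ""',
			'can_be_empty'	=>	true,
		),
		'level'	=> array(
			'table'	=>	'u_level',
			'name'	=>	$lang_acp['level'],
			'type'	=>	'function::acp_user_level::number',
		),
		'sex'	=> array(
			'table'	=>	'u_sex',
			'name'	=>	$lang_acp['sex'],
			'type'	=>	'function::acp_user_sex::number',
		),
		// Registration date: rewritten on every update ('change_on_update').
		'date'		=>	array(
			'table'	=>	'u_regdate',
			'type'	=>	'hidden_value',
			'value'	=>	date("Y-m-d",NOW),
			'change_on_update'	=>	true,
		),
		// Generated once at creation and kept on update. NOTE(review): if this id
		// is meant to be unguessable, confirm random_str() draws from a CSPRNG.
		'playlist_id'		=>	array(
			'table'	=>	'u_playlist_id',
			'type'	=>	'hidden_value',
			'value'	=>	$func->random_str(20),
			'change_on_update'	=>	false,
		),
);
$error_arr = array();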
##################################################
# ADD USER
##################################################
if ($mode == 'add') {
	acp_check_permission('add_user');
	if (!empty($_POST['submit'])) {	
		$error_arr = $form->checkForm($inp_arr);
		if (empty($error_arr)) {
			// $name and $password are not read directly below; they appear to be
			// picked up by variable name from the eval'd SQL template (the keys of
			// $inp_arr) - confirm against createSQL() before renaming either.
			$name = $func->htmlchars(stripslashes(trim(urldecode($_POST['name']))));
			// Unsalted double-md5. Presumably the scheme the login code verifies
			// against, so it cannot be changed in isolation; replacing it with
			// password_hash()/password_verify() needs a coordinated migration.
			$password = md5(md5(stripslashes($_POST['password'])));
			$sql = $form->createSQL(array('INSERT',$conf['prefix'].'user'),$inp_arr);
			// The generated SQL is run through eval() so PHP variable references in
			// it are expanded. Anything that reaches $sql unescaped is therefore
			// interpreted as PHP, not just SQL; flagged rather than replaced here
			// because the template format is defined outside this file.
			eval('$DB->query("'.$sql.'");');
			// $link is set up outside this file (it is also the form action below).
			echo $lang_acp['added']." <meta http-equiv='refresh' content='1;url=$link'>";
			exit();
		}
	}
	// Validation messages for the template; the form is re-rendered with them.
	$warn = $form->getWarnString($error_arr);

	$form->createForm($lang_acp['add_user'],$inp_arr,$error_arr);
}
##################################################
# EDIT USER
##################################################
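if ($mode == 'edit') {
	// ---- delete one user: id from the query string, confirmed by POST ----
	if ($us_del_id) {
		acp_check_permission('del_user');
		if (!empty($_POST['submit'])) {
			// The id is interpolated unquoted, so force an integer here as well
			// instead of relying only on the validation at the top of the file.
			$DB->query("DELETE FROM ".$conf['prefix']."user WHERE u_id = ".(int)$us_del_id);
			echo $lang_acp['deleted']." <meta http-equiv='refresh' content='1;url=".$edit_url."'>";
			exit();
		}
		?>
		<form method="post">
		<?php echo $lang_acp['ask_u_del']?> ??????<br>
		<input value="Có" name=submit type=submit class=submit>
		</form>
		<?php
	}
	// ---- bulk action on the rows ticked in the list form ----
	elseif (!empty($_POST['do'])) {
		// checkbox[] is absent when nothing is ticked; count(null) is fatal on PHP 8.
		$arr = (isset($_POST['checkbox']) && is_array($_POST['checkbox'])) ? $_POST['checkbox'] : array();
		// The raw values are user input headed for an IN (...) list: keep only
		// positive integers, de-duplicated.
		$ids = array();
		foreach ($arr as $raw_id) {
			$uid = (int)$raw_id;
			if ($uid > 0) $ids[$uid] = $uid;
		}
		if (!count($ids)) die($lang_acp['error']);
		// The original compared the bool returned by !empty() with 'del', which is
		// true for any non-empty option; compare the option value itself.
		if (isset($_POST['selected_option']) && $_POST['selected_option'] === 'del') {
			acp_check_permission('del_user');
			$in_sql = implode(',', $ids);
			$DB->query("DELETE FROM ".$conf['prefix']."user WHERE u_id IN (".$in_sql.")");
			echo $lang_acp['deleted']." <meta http-equiv='refresh' content='1;url=".$edit_url."'>";
		}
	}
	// ---- edit one user ----
	elseif ($us_id) {
		acp_check_permission('edit_user');
		if (empty($_POST['submit'])) {
			$q = $DB->query("SELECT * FROM ".$conf['prefix']."user WHERE u_id = '".(int)$us_id."'");
			$r = $DB->fetch_row($q);
			// Pre-fill the form: one variable per $inp_arr key ($name, $email, ...),
			// presumably read by name by createForm()/createSQL() - hence the
			// variable variable. Skipped when the row does not exist so no
			// undefined-offset warnings are raised on a false result.
			if ($r) {
				foreach ($inp_arr as $key => $arr) $$key = $r[$arr['table']];
			}
		}
		else {
			$error_arr = $form->checkForm($inp_arr);
			if (empty($error_arr)) {
				// Only re-hash when a new password was typed (mirrors
				// 'update_if_true' in $inp_arr). Unsalted double-md5 is presumably
				// what the login code verifies against, so it cannot be changed
				// here alone; a migration to password_hash() would be needed.
				if (!empty($_POST['password'])) $password = md5(md5(stripslashes($_POST['password'])));
				$sql = $form->createSQL(array('UPDATE',$conf['prefix'].'user','u_id','us_id'),$inp_arr);
				// The generated SQL is eval'd so PHP variable references in it are
				// expanded; anything reaching $sql unescaped is interpreted as PHP.
				// Flagged, not replaced: the template format lives outside this file.
				eval('$DB->query("'.$sql.'");');
				echo $lang_acp['edited']." <meta http-equiv='refresh' content='1;url=".$edit_url."'>";
				exit();
			}
		}
		$warn = $form->getWarnString($error_arr);
		$form->createForm($lang_acp['edit_user'],$inp_arr,$error_arr);
	}
	// ---- paginated user list with search and bulk-delete form ----
	else {
		acp_check_permission('edit_user');

		$m_per_page = 30;
		// $pg and $search are request parameters populated outside this file;
		// both are treated as untrusted. A page below 1 would give a negative
		// LIMIT offset, so clamp it.
		$pg = empty($pg) ? 1 : max(1, (int)$pg);
		$search = (isset($search) && is_scalar($search)) ? (string)$search : '';
		$extra = '';
		if ($search !== '') {
			// Escape quotes, backslashes and the LIKE wildcards before the term is
			// interpolated into the pattern. The original interpolated it raw and
			// also omitted the AND, which produced invalid SQL for every search.
			// NOTE(review): a parameterized query or the driver's own escaping is
			// preferable if $DB offers one; no such API is visible in this file.
			$search_sql = addcslashes($search, "\\'\"%_");
			$extra = "AND u_name LIKE '%".$search_sql."%' ";
		}
		$where = "WHERE u_id<>{$conf['super_admin']} ".$extra;
		$offset = ($pg - 1) * $m_per_page;
		$q = $DB->query("SELECT * FROM ".$conf['prefix']."user ".$where."ORDER BY u_name ASC LIMIT ".$offset.",".$m_per_page);
		$tt = $DB->num_rows($DB->query("SELECT u_id FROM ".$conf['prefix']."user ".$where));

		if ($tt) {
			// Drop the current search term from the link so a new search replaces it.
			$link2 = ($search !== '') ? preg_replace("#&search=(.*)#si", "", $link) : $link;
			// The term is echoed back into an attribute value: escape for HTML.
			$search_html = htmlspecialchars($search, ENT_QUOTES);

			echo "{$lang_acp['id_user']} <b>{$lang_acp['edit']}</b>: <input id=us_id size=20> <input type=button onclick='window.location.href = \"".$link."&us_id=\"+document.getElementById(\"us_id\").value;' value={$lang_acp['edit']}><br><br>";
			echo "{$lang_acp['id_user']} <b>{$lang_acp['del']}</b>: <input id=us_del_id size=20> <input type=button onclick='window.location.href = \"".$link."&us_del_id=\"+document.getElementById(\"us_del_id\").value;' value={$lang_acp['del']}><br><br>";
			echo "{$lang_acp['search']} : <input id=search size=20 value=\"".$search_html."\"> <input type=button onclick='window.location.href = \"".$link2."&search=\"+document.getElementById(\"search\").value;' value={$lang_acp['search']}><br><br>";
			echo "<table width=90% align=center cellpadding=2 cellspacing=0 class=border><form name=media_list method=post action=$link onSubmit=\"return check_checkbox();\">";
			echo "<tr align=center><td width=3%><input class=checkbox type=checkbox name=chkall id=chkall onclick=docheck(document.media_list.chkall.checked,0) value=checkall></td><td class=title width=60%>{$lang_acp['username']}</td><td class=title>{$lang_acp['level']}</td></tr>";
			while ($r = $DB->fetch_row($q)) {
				$id = $r['u_id'];
				// NOTE(review): if unhtmlchars() reverses the htmlchars() applied on
				// save, this echoes the stored name unescaped - confirm before
				// relying on it.
				$name = $func->unhtmlchars($r['u_name']);
				$level = $func->user_level($id);
				echo "<tr><td><input class=checkbox type=checkbox id=checkbox onclick=docheckone() name=checkbox[] value=$id></td><td class=fr><a href='$link&us_id=".$id."'><b>".$name."</b></a></td><td class=fr_2 align=center>".$level."</td></tr>";
			}
			echo "<tr><td colspan=3>".admin_viewpages($tt,$m_per_page,$pg)."</td></tr>";
			echo '<tr><td colspan=3 align="center">'.$lang_acp['with_user_selected'].' : '.
				'<select name=selected_option><option value=del>'.$lang_acp['del'].'</option></select>'.
				'<input type="submit" name="do" class=submit value="'.$lang_acp['do'].'"></td></tr>';
			echo '</form></table>';
		}
		else echo $lang_acp['not_exist_user'];
	}

}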
?>